[Snort-sigs] OpenSSH // SSH detection rules?
tonyh at ...1915...
Mon Dec 8 05:39:01 EST 2003
Hey guys, I have recently had an interest for policy reasons here to detect incoming SSH connections to any of my subnets. Since, the port may not be the default port (22) and it seems that I can't really tell which side the "OpenSSH-" banner is coming from is there another way to detect ssh sessions at the packet level? By any packet pattern challenge/response etc?
Is anyone using a rule like this and or a rule that can detect something like this with little FP's ? any examples for this would be greatly appreciated as always.
University of Florida
More information about the Snort-sigs